[WIP] Pass X-Forwarded headers and remove post-processing logic (#623)

Pass X-Forwarded headers and remove post-processing logic

BLUEBUTTON-132
BLUEBUTTON-133

Author: whytheplatypus

apps/fhir/bluebutton/serializers.py

@@ -10,6 +10,7 @@ def localize(request=None,
              resource_type=None):
 
     rewrite_list = build_rewrite_list(crosswalk)
+
     host_path = get_host_url(request, resource_type)[:-1]
 
     text_in = get_response_text(fhir_response=response)

apps/fhir/bluebutton/tests/test_read.py

@@ -182,7 +182,7 @@ def test_search_request(self):
         expected_request = {
             'method': 'GET',
             'url': ("https://fhir.backend.bluebutton.hhsdevcloud.us/"
-                    "baseDstu3/Patient/?_format=application%2Fjson%2Bfhir&_id=20140000008325"),
+                    "v1/fhir/Patient/?_format=application%2Fjson%2Bfhir&_id=20140000008325"),
             'headers': {
                 'User-Agent': 'python-requests/2.18.4',
                 'Accept-Encoding': 'gzip, deflate',
@@ -194,7 +194,7 @@ def test_search_request(self):
                 'BlueButton-OriginatingIpAddress': '127.0.0.1',
                 'keep-alive': 'timeout=120, max=10',
                 'BlueButton-OriginalUrl': '/v1/fhir/Patient',
-                'BlueButton-BackendCall': 'https://fhir.backend.bluebutton.hhsdevcloud.us/baseDstu3/Patient/',
+                'BlueButton-BackendCall': 'https://fhir.backend.bluebutton.hhsdevcloud.us/v1/fhir/Patient/',
             }
         }
 
@@ -252,7 +252,7 @@ def test_search_request(self):
 
         @all_requests
         def catchall(url, req):
-            self.assertIn("https://fhir.backend.bluebutton.hhsdevcloud.us/baseDstu3/Patient/", req.url)
+            self.assertIn("https://fhir.backend.bluebutton.hhsdevcloud.us/v1/fhir/Patient/", req.url)
             self.assertIn("_format=application%2Fjson%2Bfhir", req.url)
             self.assertIn("_id=20140000008325", req.url)
             self.assertEqual(expected_request['method'], req.method)
@@ -291,7 +291,7 @@ def test_search_request_not_found(self):
         expected_request = {
             'method': 'GET',
             'url': ("https://fhir.backend.bluebutton.hhsdevcloud.us/"
-                    "baseDstu3/Patient/?_format=application%2Fjson%2Bfhir&_id=20140000008325"),
+                    "v1/fhir/Patient/?_format=application%2Fjson%2Bfhir&_id=20140000008325"),
             'headers': {
                 'User-Agent': 'python-requests/2.18.4',
                 'Accept-Encoding': 'gzip, deflate',
@@ -303,13 +303,13 @@ def test_search_request_not_found(self):
                 'BlueButton-OriginatingIpAddress': '127.0.0.1',
                 'keep-alive': 'timeout=120, max=10',
                 'BlueButton-OriginalUrl': '/v1/fhir/Patient',
-                'BlueButton-BackendCall': 'https://fhir.backend.bluebutton.hhsdevcloud.us/baseDstu3/Patient/',
+                'BlueButton-BackendCall': 'https://fhir.backend.bluebutton.hhsdevcloud.us/v1/fhir/Patient/',
             }
         }
 
         @all_requests
         def catchall(url, req):
-            self.assertIn("https://fhir.backend.bluebutton.hhsdevcloud.us/baseDstu3/Patient/", req.url)
+            self.assertIn("https://fhir.backend.bluebutton.hhsdevcloud.us/v1/fhir/Patient/", req.url)
             self.assertIn("_format=application%2Fjson%2Bfhir", req.url)
             self.assertIn("_id=20140000008325", req.url)
             self.assertEqual(expected_request['method'], req.method)
@@ -348,7 +348,7 @@ def catchall(url, req):
                     "link": [
                         {
                             "relation": "self",
-                            "url": "http://hapi.fhir.org/baseDstu3/ExplanationOfBenefit?_pretty=true&patient=1234"
+                            "url": "http://hapi.fhir.org/v1/fhir/ExplanationOfBenefit?_pretty=true&patient=1234"
                         },
                     ],
                 },
@@ -370,7 +370,7 @@ def test_search_request_failed(self):
         expected_request = {
             'method': 'GET',
             'url': ("https://fhir.backend.bluebutton.hhsdevcloud.us/"
-                    "baseDstu3/Patient/?_format=application%2Fjson%2Bfhir&_id=20140000008325"),
+                    "v1/fhir/Patient/?_format=application%2Fjson%2Bfhir&_id=20140000008325"),
             'headers': {
                 'User-Agent': 'python-requests/2.18.4',
                 'Accept-Encoding': 'gzip, deflate',
@@ -382,13 +382,13 @@ def test_search_request_failed(self):
                 'BlueButton-OriginatingIpAddress': '127.0.0.1',
                 'keep-alive': 'timeout=120, max=10',
                 'BlueButton-OriginalUrl': '/v1/fhir/Patient',
-                'BlueButton-BackendCall': 'https://fhir.backend.bluebutton.hhsdevcloud.us/baseDstu3/Patient/',
+                'BlueButton-BackendCall': 'https://fhir.backend.bluebutton.hhsdevcloud.us/v1/fhir/Patient/',
             }
         }
 
         @all_requests
         def catchall(url, req):
-            self.assertIn("https://fhir.backend.bluebutton.hhsdevcloud.us/baseDstu3/Patient/", req.url)
+            self.assertIn("https://fhir.backend.bluebutton.hhsdevcloud.us/v1/fhir/Patient/", req.url)
             self.assertIn("_format=application%2Fjson%2Bfhir", req.url)
             self.assertIn("_id=20140000008325", req.url)
             self.assertEqual(expected_request['method'], req.method)
@@ -415,7 +415,7 @@ def test_search_request_failed_no_fhir_id(self):
         expected_request = {
             'method': 'GET',
             'url': ("https://fhir.backend.bluebutton.hhsdevcloud.us/"
-                    "baseDstu3/Patient/?_format=application%2Fjson%2Bfhir&_id=20140000008325"),
+                    "v1/fhir/Patient/?_format=application%2Fjson%2Bfhir&_id=20140000008325"),
             'headers': {
                 'User-Agent': 'python-requests/2.18.4',
                 'Accept-Encoding': 'gzip, deflate',
@@ -427,7 +427,7 @@ def test_search_request_failed_no_fhir_id(self):
                 'BlueButton-OriginatingIpAddress': '127.0.0.1',
                 'keep-alive': 'timeout=120, max=10',
                 'BlueButton-OriginalUrl': '/v1/fhir/Patient',
-                'BlueButton-BackendCall': 'https://fhir.backend.bluebutton.hhsdevcloud.us/baseDstu3/Patient/',
+                'BlueButton-BackendCall': 'https://fhir.backend.bluebutton.hhsdevcloud.us/v1/fhir/Patient/',
             }
         }
 
@@ -447,7 +447,7 @@ def fhir_request(url, req):
 
         @all_requests
         def catchall(url, req):
-            self.assertIn("https://fhir.backend.bluebutton.hhsdevcloud.us/baseDstu3/Patient/", req.url)
+            self.assertIn("https://fhir.backend.bluebutton.hhsdevcloud.us/v1/fhir/Patient/", req.url)
             self.assertIn("_format=application%2Fjson%2Bfhir", req.url)
             self.assertIn("_id=20140000008325", req.url)
             self.assertEqual(expected_request['method'], req.method)
@@ -507,7 +507,7 @@ def test_read_request(self):
 
         expected_request = {
             'method': 'GET',
-            'url': 'https://fhir.backend.bluebutton.hhsdevcloud.us/baseDstu3/Patient/20140000008325/?_format=json',
+            'url': 'https://fhir.backend.bluebutton.hhsdevcloud.us/v1/fhir/Patient/20140000008325/?_format=json',
             'headers': {
                 'User-Agent': 'python-requests/2.18.4',
                 'Accept-Encoding': 'gzip, deflate',
@@ -519,7 +519,7 @@ def test_read_request(self):
                 'BlueButton-OriginatingIpAddress': '127.0.0.1',
                 'keep-alive': 'timeout=120, max=10',
                 'BlueButton-OriginalUrl': '/v1/fhir/Patient/20140000008325',
-                'BlueButton-BackendCall': 'https://fhir.backend.bluebutton.hhsdevcloud.us/baseDstu3/Patient/20140000008325/',
+                'BlueButton-BackendCall': 'https://fhir.backend.bluebutton.hhsdevcloud.us/v1/fhir/Patient/20140000008325/',
             }
         }
 

apps/fhir/bluebutton/utils.py

@@ -182,6 +182,12 @@ def set_default_header(request, header=None):
         header = {}
 
     header['keep-alive'] = settings.REQUEST_EOB_KEEP_ALIVE
+    if request.is_secure():
+            header['X-Forwarded-Proto'] = "https"
+    else:
+        header['X-Forwarded-Proto'] = "http"
+
+    header['X-Forwarded-Host'] = request.get_host()
 
     return header
 

apps/fhir/bluebutton/views/generic.py

@@ -17,7 +17,6 @@
 from ..authentication import OAuth2ResourceOwner
 from ..permissions import (HasCrosswalk, ResourcePermission)
 from ..exceptions import UpstreamServerException
-from ..serializers import localize
 from ..utils import (build_fhir_response,
                      FhirServerVerify,
                      get_resourcerouter)
@@ -106,10 +105,7 @@ def fetch_data(self, request, resource_type, *args, **kwargs):
 
         self.validate_response(response)
 
-        out_data = localize(request=request,
-                            response=response,
-                            crosswalk=request.crosswalk,
-                            resource_type=resource_type)
+        out_data = r.json()
 
         self.check_object_permissions(request, out_data)
 

apps/testclient/fixtures/testfixture.json

@@ -1 +1 @@
-[{"model": "server.resourcerouter", "pk": 1, "fields": {"name": "HHS IDEA Lab Sandbox[Default]", "server_address": "https://fhir.backend.bluebutton.hhsdevcloud.us", "server_path": "/", "server_release": "baseDstu3/", "server_search_expiry": 1800, "fhir_url": "https://fhir.backend.bluebutton.hhsdevcloud.us/baseDstu3/", "shard_by": "Patient", "client_auth": true, "cert_file": "./ca.cert.pem", "key_file": "./ca.key.nocrypt.pem", "server_verify": false, "wait_time": 30, "supported_resource": [1, 2, 3]}}, {"model": "server.supportedresourcetype", "pk": 1, "fields": {"resource_name": "Patient", "fhir_source": 1, "resourceType": "Patient", "secure_access": true, "json_schema": "{}", "get": true, "read": true, "vread": true, "history": true, "search": true, "put": false, "create": false, "update": false, "patch": false, "delete": false, "override_url_id": true, "override_search": false, "search_block": "Patient, patient", "search_add": ""}}, {"model": "server.supportedresourcetype", "pk": 2, "fields": {"resource_name": "Coverage", "fhir_source": 1, "resourceType": "Coverage", "secure_access": true, "json_schema": "{}", "get": true, "read": true, "vread": true, "history": true, "search": true, "put": false, "create": false, "update": false, "patch": false, "delete": false, "override_url_id": false, "override_search": false, "search_block": "Patient, patient", "search_add": "beneficiary=Patient/%PATIENT%"}}, {"model": "server.supportedresourcetype", "pk": 3, "fields": {"resource_name": "ExplanationOfBenefit", "fhir_source": 1, "resourceType": "ExplanationOfBenefit", "secure_access": true, "json_schema": "{}", "get": true, "read": true, "vread": true, "history": true, "search": true, "put": false, "create": false, "update": false, "patch": false, "delete": false, "override_url_id": false, "override_search": true, "search_block": "patient, Patient", "search_add": "patient=%PATIENT%"}}]
+[{"model": "server.resourcerouter", "pk": 1, "fields": {"name": "HHS IDEA Lab Sandbox[Default]", "server_address": "https://fhir.backend.bluebutton.hhsdevcloud.us", "server_path": "/", "server_release": "v1/fhir/", "server_search_expiry": 1800, "fhir_url": "https://fhir.backend.bluebutton.hhsdevcloud.us/v1/fhir/", "shard_by": "Patient", "client_auth": true, "cert_file": "./ca.cert.pem", "key_file": "./ca.key.nocrypt.pem", "server_verify": false, "wait_time": 30, "supported_resource": [1, 2, 3]}}, {"model": "server.supportedresourcetype", "pk": 1, "fields": {"resource_name": "Patient", "fhir_source": 1, "resourceType": "Patient", "secure_access": true, "json_schema": "{}", "get": true, "read": true, "vread": true, "history": true, "search": true, "put": false, "create": false, "update": false, "patch": false, "delete": false, "override_url_id": true, "override_search": false, "search_block": "Patient, patient", "search_add": ""}}, {"model": "server.supportedresourcetype", "pk": 2, "fields": {"resource_name": "Coverage", "fhir_source": 1, "resourceType": "Coverage", "secure_access": true, "json_schema": "{}", "get": true, "read": true, "vread": true, "history": true, "search": true, "put": false, "create": false, "update": false, "patch": false, "delete": false, "override_url_id": false, "override_search": false, "search_block": "Patient, patient", "search_add": "beneficiary=Patient/%PATIENT%"}}, {"model": "server.supportedresourcetype", "pk": 3, "fields": {"resource_name": "ExplanationOfBenefit", "fhir_source": 1, "resourceType": "ExplanationOfBenefit", "secure_access": true, "json_schema": "{}", "get": true, "read": true, "vread": true, "history": true, "search": true, "put": false, "create": false, "update": false, "patch": false, "delete": false, "override_url_id": false, "override_search": true, "search_block": "patient, Patient", "search_add": "patient=%PATIENT%"}}]

apps/testclient/tests.py

@@ -89,7 +89,7 @@ def test_get_patient_negative(self):
             self.testclient_setup['patient_uri'], self.another_patient)
         response = self.client.get(uri)
         print(response.content)
-        self.assertEqual(response.status_code, 403)
+        self.assertEqual(response.status_code, 404)
 
     def test_get_eob(self):
         """
@@ -103,6 +103,9 @@ def test_get_eob(self):
         self.assertEqual(response.status_code, 200)
         self.assertEqual(response['Content-Type'], "application/json")
         self.assertEqual(len(response_data['entry']), 12)
+        self.assertEqual(
+            response_data['entry'][0]['fullUrl'],
+            "http://testserver/v1/fhir/ExplanationOfBenefit/carrier-20587716665")
         self.assertContains(response, "ExplanationOfBenefit")
 
     def test_bad_count(self):
@@ -118,20 +121,20 @@ def test_bad_offset(self):
         self.assertEqual(response.status_code, 400)
 
     def test_offset_math(self):
-        uri = "%s?patient=%s&count=12&startIndex=133" % (
+        uri = "%s?patient=%s&count=12&startIndex=25" % (
             self.testclient_setup['eob_uri'], self.patient)
         response = self.client.get(uri)
         response_data = response.json()
         self.assertEqual(response.status_code, 200)
+        self.assertEqual(response_data['total'], 32)
         self.assertEqual(len(response_data['entry']), 7)
-        self.assertEqual(response_data['total'], 140)
         previous_links = [data['url'] for data in response_data['link'] if data['relation'] == 'previous']
         next_links = [data['url'] for data in response_data['link'] if data['relation'] == 'next']
         first_links = [data['url'] for data in response_data['link'] if data['relation'] == 'first']
         self.assertEqual(len(previous_links), 1)
         self.assertEqual(len(next_links), 0)
         self.assertEqual(len(first_links), 1)
-        self.assertIn('startIndex=121', previous_links[0])
+        self.assertIn('startIndex=13', previous_links[0])
         self.assertIn('startIndex=0', first_links[0])
         self.assertContains(response, "ExplanationOfBenefit")